R130. Limit password lifespan

This document details the security requirements related to credentials for access to sensitive information of the organization. In this requirement, it is recommended that the system does not allow its passwords to have a lifespan of more than 30 days.